Saturday, February 28, 2009

As you wish ....

Smacks of post-modern literary criticism, but funny post-modern literary criticism.

Range Report - Ruger Blackhawk

Unless you're a classic car aficionado, you wouldn't want a Stutz Bearcat. Unlike the Colt 1911 from the same year, this design lacks some features that most people have simply come to expect on a high-end luxury automobile: electric starters, seat belts, climate control.

Now imagine if the Ghost of Harry Stutz came back, determined to design the 2009 equivalent of the Indy-Car Luxury Coupe. This wouldn't be your typical Detroit Coffin.

The Ruger Blackhawk in .38 Special/.357 Magnum seems sort of like this - a modern incarnation of the Single Action Army (photo out of focus not because it was taken with an iPhone, but because the photographer was working on a fever; out of focus seemed a bit normal).

Now both my regular readers know about my love affair with old-style guns: the 1911, the Security Six, the Winchester 1894. So this seemed like a natural, and when #2 Son's eyes lit up, we just had to shoot it.

This one has very nice wood grips, although as I've said, Mammoth Ivory may be a sign of a character flaw, but I want 'em. The most notable feature in my opinion, though, is the loading door to the left of the cylinder. The cylinder doesn't swing out, like the Smith and Wesson 625. Rather, you open the door and eject each chamber one at a time. There's an ejector rod to push the expended shells out. You push, rotate the cylinder to the next chamber, push, rotate, and repeat until they're all out. Then you load fresh cartridges into the chambers, again, one at a time. Load, rotate, load, rotate. I can see why the Cowboys liked to carry two guns, because if you had to reload in the middle of a gunfight, you could very well end up dead.

The picture shows the ejection rod being worked. If you're fast, the case will fly out of the cylinder. If you hesitate, the case is left half in, half out, and you have to grab and pull. In other words, reloading isn't just slow, it's continental drift slow.

This pistol is Single Action only. You have to manually cock the hammer before firing. Maybe this is what made me think of the Stutz - crank to start. This slows down the rate of fire, so that "slow fire" is the only option. Given how long it takes to reload, maybe this isn't a bad idea.

Adding to the items in the "unexpected" column, this is a heavy pistol. #2 Son tried several times to shoot it one-handed, and always ended up with a two-hand grip. He's a strong kid for 13 years old.

So why do people swear by this pistol? Why is this the equivalent of the designed-by-the-ghost-of-Harry-Stutz? Why would I shoot this again, in a heartbeat?

In a word, accuracy. My marksmanship is modest by any measure, and this pistol let me do this:

Six shots, three holes, first time I shot it. 25 feet. Everything's slow fire, remember?

The trigger and sights are superb. It's surprising how hard this picture was to take, and it still doesn't capture just how good the sight picture really is. This is simply an outstanding target shooting pistol.

For a fight (Lord forbid), I'd want a 1911 - or the S&W 625 with a bunch of moon clips. But for target shooting, this is the best I've ever shot. Not that that says much.

Oh, and the standard disclaimer:
I'm not any kind of gun or shooting expert. I like shooting, and shoot a fair number of different guns, but I'm really a dilettante. Your mileage may vary, void where prohibited.

I don't do scientific, repeatable tests. There's no checklist, although that's not a bad idea. I write about what I like and don't like, but it's pretty much stream of consciousness. Opinion, we got opinion here. Step right up.

I'm not a shooting teacher, although I do like to introduce people to shooting. Maybe some day I'll take the NRA teaching class, but until then, you get a dilettante's view. You'll get opinion here, but if you get serious about shooting, you'll want to get someone who knows what he's doing to give you some pointers. It can help.

And oh yeah, shooting things is fun.

Alison Krauss and Union Station - The Lucky One

I'm a lucky man. Sometimes things happen that show you just how lucky you are. I'm changing jobs, leaving BigTech Company for the third Internet Security startup I've tried (third time's a charm!). It's a chance a lot of folks don't get - I'm a lucky man.

But what's really made me think that I'm lucky is the outpouring of "we'll miss you" email and phone calls from other folks at Big Tech Company. It's meant a lot to me.

Alison Krauss is one of the most amazing musical talents of our time. She was nineteen when she won her first Grammy, on her way to the current count of 43 (!). Her band, Union Station, contains some of the finest Bluegrass musicians around, although they play a wide range of music styles. Her voice has a pure, almost ethereal quality which is usually center stage.

The Lucky One won her one of her Grammys (in 2001). Today's Saturday Redneck is about reflecting on the luck in your life.

You're the lucky one so I've been told
Free as the wind blowin' down the road
Loved by many, hated by none
I'd say you were lucky 'cause I know what you've done
Not a care in the world, not a worry in sight
Everything is gonna be alright 'cause you're the lucky one

You're the lucky one, always havin' fun
A jack-of-all-trades, a master of none
You look at the world with a smilin' eye
And laugh at the devil as his train rolls by
Give you a song and a one-night stand
You'll be lookin' at a happy man 'cause you're the lucky one

Well you're blessed I guess
For never knowin' which road you're choosin'
To you the next best thing
To playin' and winnin' is playin' and losin'

You're the lucky one, I know that now
Don't ask you why, when, where, or how
You look at the world through your smilin' eye
And laugh at the devil as his train rolls by
Give you a song and a one-night stand
You'll be lookin' at a happy man 'cause you're the lucky one

You're the lucky one, I know that now
Don't ask you why, when, where, or how
No matter where you're at it's where you'll be
You can bet your luck won't follow me
Just give you a song and a one-night stand
You'll be lookin' at a happy man 'cause you're the lucky one
And just because, here's When You Say Nothing At All, just because.

Friday, February 27, 2009


Another Facebook malware app

If you get a Facebook message saying that you've been reported as violating its terms of service, don't click on it. Don't run it.

It's malware.
Ignore it - it's harmless if you don't click on it.

Soldiers, get ready for 200 pound backpacks

But don't worry, you'll get a powered exoskeleton which will take most of the load.

I don't know if I want one, but it's pretty cool:

You know, if I had a 200 pound backpack, I think I would want one.

UPDATE 28 February 2009 09:51: Bob in a comment leaves an outstanding suggestion to control the width of embedded YouTube videos. Fixed.

Thursday, February 26, 2009

Cap and Trade

The critics are wrong; it will do precisely what its supporters want:

As a practical matter, "cap and trade" will . . .

* Raise your electricity and gasoline bills
* Provide politicians with new tools to control the economy, hand out favors, and punish enemies
* Be as ineffective in doing "research" as the Energy Department has been
May has a must-read.

Patch your Flash Player

Adobe has issued a patch for a bunch of security holes in Flash - the stuff that makes YouTube the Shizzle Flippity Floppity Floop. Since this runs in basically every browser, all of Al Gore's Intarwebz is vulnerable to this.

You, too.

So get patching. The Bad Guys are exploiting this one. If you click on a video, you might get more than you expect.

Mac and Linux fanbois, too. You're less likely to have code targeting you, but it will run if someone wants to go after you.

Hat tip, Brian Krebs at Security Fix. The whole post is worth a read.

Kindle Security

Interesting post by Chris Hoff. Kindle aficionados should go read.

I must confess to being a bit of a Luddite here - I read dead trees. I have an excuse, though. I grew up in Maine, within nose shot of the paper mill. Smells like jobs.

Microsoft serves up security spin

Bad security spin, as it turns out. There has been a monstrous security hole in Windows for years, where Windows will silently and automatically execute software off of USB devices. Malware has increasingly targeted this ability, and has caused a lot of recent infection on classified military networks.

It has not been possible to disable this "Autorun" feature sufficiently to prevent infection. You can imagine the "discussion" that the DoD had with the Lads from Redmond. So now there's a patch that fixes this enormous security hole - you know, the one that malware used to infect military computers.

Except it's not a security patch:
Ironically, Microsoft describes the fix as a "non-security update," and it offers this explanation: "In this case, we are communicating the availability of an update that affects your ability to perform subsequent updates, including security updates. Therefore, this advisory does not address a specific security vulnerability; rather, it addresses your overall security."
Huh? Classified computers got infected. I-N-F-E-C-T-E-D. But no security fix to see here. Move along, folks.

This episode doesn't pass the sniff test. The fact that they feel the need to spin us speaks volumes about their attitude towards security.

The word for the day: Priapism

One of the things we see in the Security Biz is a lot of spam hawking cut rate Viagra. Most of the time, if you trace down the "factory", you'll find a P.O. Box in Toronto or something. In other words, the pretty blue pills are made out of binder.

So what happens when they're not made out of binder? Well, you learn a new word:
A 23-year-old male from the Dominican Republic spent five days in hospital suffering from an attack of priapism while doctors battled in vain to encourage his hideously empurpled member to succumb to deflatory treatment. ....

"A young patient was admitted a few days ago with a priapic problem. We carried out the usual treatments to encourage the penis to soften, but didn't manage to obtain the desired result."
Those TV ads that say seek medical attention if your (ahem) lasts longer than four hours? How about six days? Boy, howdy.

The Reg has - as you would expect - the finest dry snark.

I expect that if I watched Doctor shows on the TV, I'd know that word.

Wednesday, February 25, 2009

Happy Blogiversary, LawDog

Three years old. Still looking spry for the age, too!

Climate scientists: Global Warming is bunk

It seems that there's even a scientific consensus:

Three of the five researchers disagree with the UN's IPCC view that recent warming is primarily the consequence of man-made industrial emissions of greenhouse gases. Remarkably, the subtle and nuanced language typical in such reports has been set aside.

One of the five contributors compares computer climate modelling to ancient astrology. Others castigate the paucity of the US ground temperature data set used to support the hypothesis, and declare that the unambiguous warming trend from the mid-part of the 20th Century has ceased.

Astrology. Heh.

If you, like me, are interested in this subject, you should RTWT. It's pretty long, but includes extensive portions of the report.

Microsoft: Linux bigger threat than Apple?

Microsoft's CEO Steve Ballmer gave a presentation showing Linux with a bigger deployed base than Apple.
In any case, it appears that Linux (and piracy) is a larger blip on Microsoft's radar than Apple, and it's not hard to see why. With an economy that's not doing very well, people will opt for cheaper products. Apple cannot offer those, but Linux and piracy can.
Follow the link to the article, which has a copy of Ballmer's presentation slide.

Netbooks are the fastest growing segment of PCs, and Linux is a big part of that. Apple (so far, at least) doesn't have a netbook offer.

Linux is also a big part of servers in corporate computing centers. It's not at all clear that Microsoft will win the server OS war.

Hat tip: Slashdot.

The Future - Ur doin' it rite, akshly

The snarky question always asked when the conversation turns to past predictions of future technology is so where's my flying car?

Well, right here:
The designers behind a car that flies with the aid of a parachute, say they have reached another milestone in the project - flying in the skies over Africa. [warning: annoying video ad required]
The company flew the car from London to Africa.

In other news of the future, tonight's dinner is from pills.

Hat tip Slashdot.

Tuesday, February 24, 2009

Justice in No-Knock raid gone bad?

A little over two years ago, an informant in Atlanta lied to the police, saying that there were drugs in Kathryn Johnston's house. The police executed a "no-knock" raid, during which Mrs. Johnston was shot down.

In the aftermath, the police covered up the fact that there had been no justification for the raid.

Today three members of the Atlanta police were sentenced to prison for the cover up.

So the War On Drugs claims 4 lives: Mrs. Johnston, shot down for a lie; and three officers, corrupted by the War on Drugs to the point that they couldn't see anything but a lie. What a sad, sad waste.

You can learn all you need to know about the War on Drugs by reading the text of the Twenty First Amendment. If you need more than that, check out the St. Valentine's Day Massacre. Lord give this Republic the wisdom it had 76 years ago.

Hat tip Tam, in the chat session of Gun Nuts Radio.

Class Warfare, Racial Prejudice, and Religious Intolerance

We used to know what came from all that. Guns and Guts has a film from the archives that is astonishingly pertinent today.

I can speak from experience, that thirty years ago the Democratic Party wasn't remotely like it is now. Sic transit gloria mundi. And a cryin' shame it is, too.

How come nobody's talking about PMI?

Gator raises a simply outstanding question:
No one's talking about it, but what about the private mortgage insurance (PMI) or mortgage insurance premium (MIP) bullshit that was supposed to protect the investors from things like this?
When I bought my first house, back in the Pleistocene Age, PMI was the biggest monthly irritant we had. Each month, we had to shell out something like $150 for what was essentially an insurance policy. Once I owned 20% or 25% of the house value, I could drop the PMI. Happy dance time.

So, if PMI is for people who don't have enough principal, why doesn't that cover the foreclosure issue? Is PMI "so 1980s" these days?

Nigerian Scammers break into UK Foreign Minister's Webmail

Constituents of Jack Straw, the UK Foreign Minister, received a strange email. It claimed that he had lost his wallet while on a trip to Nigeria, and he needed $3000 to get home.

Never mind that he is the Foreign Minister of the UK.Gov, and that the embassy presumably will take care of him. Never mind that it asked for dollars, rather than pounds sterling.

It's someone from Nigeria asking for money. Duh.

The email, sent from a Hotmail account, claimed Straw was in Nigeria promoting a charity called Empowering Youth to Fight Racism, and was supposedly in trouble after losing his wallet. One constituent reportedly replied to the bogus email, but no money was offered.

The Hotmail account used in the attack was later suspended but Straw's official website still lists as an email contact address for those interested in reaching the Blackburn MP.

Long-time readers will remember that this isn't the first time that a high profile politician has had their email account compromised. Sarah Palin's email was hacked during the election.

Doubleclick serves up malware. Again.

The web advertisement server company DoubleClick is - once again - inadvertently serving up malware in ads that it hosts.

Google's DoubleClick ad network has once again been caught distributing malicious banner displays, this time on the home page of eWeek.

Unsuspecting end users who browse the Ziff Davis Enterprise Holdings-owned site were presented with malvertisements with invisible iframes that redirect them to attack websites, according to researchers at Websense. The redirects use one of two methods to infect users with malware, including rogue anti-virus software.

So, DoubleClick can't be bothered to check if there's malware in the ads that they serve up to annoy you.

Not that you'd want to prevent any ads from coming your way - with or without malware - but here's a way to make doubleclick ads go away. Of course, I only describe this for hypothetical use. I'm sure that both my readers are eager for more malware-laden adverts.

For Windows computers:

1. Open a Command Prompt.

2. Change to your C: drive (type "C: ")

3. Type "notepad %systemroot%\system32\drivers\etc\hosts.". This will open up notepad to edit the "hosts" file. We'll add a magical entry to put DoubleClick into a black hole. You'll get something that looks like this:

Remember that there's a % sign on both ends of the word systemroot. Notice the line that says " localhost". The IP address is a special address that always refers to the local computer. Every computer that runs IP will recognize this address as being itself. It's sometimes called the "loopback" address, or more rarely, the "home" address.

You may even some day see a guy wearing a T-shirt that reads "There's no place like". Pity him.

4. Here's the fun part. We're going to make DoubleClick point to the loopback address. Add a line at the end that reads: *

5. Save the file. When you save, make sure that it's not saved as a Text file - there's a "Save as type" option where you should pick "All files". This will save the file with the file name "HOSTS" instead of "HOSTS.TXT".

If you're using a laptop from work, you may not have administrative rights to do this. At home, you should be good to go.

Now any time that your browser goes to a web page that references, your computer will try to connect to itself, instead of to the ad server. Since you don't have a web server on your computer, that link will break (you may see a big red X where the ad was supposed to go).

This technique is 100% guaranteed to prevent you from ever getting malware via a Doubleclick ad.

Linux guys, you'll want to do something uber-elite like:
# echo " *" >> /etc/hosts
Of course, you didn't need me to tell you that. You don't need to worry about malware from the ads, but this will turn off the annoying adverts.

Mac Users, probably the same as Linux, because OS X is BSD Unix under the hood.
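
An added example, not part of the original post: a POSIX shell version of the hosts-file sinkhole described above that backs up the file, skips hostnames already mapped, and rejects wildcards, since hosts files match literal hostnames only and each ad-server name has to be listed on its own. The function names and the hostname `ad.doubleclick.net` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent hosts-file sinkhole (illustrative, hypothetical names).
LOOPBACK="127.0.0.1"

# is_sinkholed FILE HOST
# Exit 0 if an active (non-comment) line maps HOST to the loopback address.
is_sinkholed() {
    awk -v host="$2" -v ip="$LOOPBACK" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == ip {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(host)) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# valid_hostname HOST
# Exit 0 only for a literal hostname; wildcards such as "*.example" fail,
# because the resolver never expands them when reading a hosts file.
valid_hostname() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    return 0
}

# sinkhole_hosts FILE HOST...
# Append "127.0.0.1 HOST" for each HOST not yet mapped. A backup copy
# (FILE.bak) is written before the first change. Returns 1 if any HOST
# was rejected, 2 on file errors, 0 otherwise.
sinkhole_hosts() {
    file=$1; shift
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    backed_up=0
    rc=0
    for host in "$@"; do
        if ! valid_hostname "$host"; then
            echo "skipping '$host': hosts files match literal names only" >&2
            rc=1
            continue
        fi
        if is_sinkholed "$file" "$host"; then
            continue                            # already blocked, nothing to do
        fi
        if [ "$backed_up" -eq 0 ]; then
            cp -p "$file" "$file.bak" || return 2
            backed_up=1
        fi
        # Make sure the new entry starts on its own line.
        if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
            printf '\n' >> "$file"
        fi
        printf '%s %s\n' "$LOOPBACK" "$host" >> "$file"
    done
    return "$rc"
}

# Demo on a constructed sample file; it never touches the real /etc/hosts.
sinkhole_demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '127.0.0.1 localhost' '# 127.0.0.1 ad.doubleclick.net' > "$tmp"
    sinkhole_hosts "$tmp" ad.doubleclick.net '*.doubleclick.net' ad.doubleclick.net || true
    cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
```

To apply it for real, run `sinkhole_hosts /etc/hosts <hostname>...` as root; the Windows file at `%systemroot%\system32\drivers\etc\hosts` uses the same line format.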

Monday, February 23, 2009

That'll leave a mark

Mother: “Give me that gun!”

Child: “No!”

Mother: “Give ME THAT GUN!”

Child: “No!”

Mother takes the gun.

Child cries.

Father (from Kitchen Table): “Give him back that gun, Nancy Pelosi!”

There's more, much more.

American Princess is right - that wouldn't happen in Massachusetts.

Bill Gates: Frustrated with Windows

With all the anti-trust suits filed against Microsoft, you know that something interesting had to come out in disclosure. Well, folks have been combing the email archives for interesting messages from Bill Gates. While this is pretty irrelevant to anything, there's a fabulous rant he wrote in 2003 about how hard it was to use Windows.

Gates tried to download a program called MovieMaker. After a couple of hours during which told him he needed 17 MB (!) of security patches (!!), he wasn't any closer to having MovieMaker:

What is there? The following garbage is there. Microsoft Autoupdate Exclusive test package, Microsoft Autoupdate Reboot test package, Microsoft Autoupdate testpackage1. Microsoft AUtoupdate testpackage2, Microsoft Autoupdate Test package3.

Someone decided to trash the one part of Windows that was usable? The file system is no longer usable. The registry is not usable. This program listing was one sane place but now it is all crapped up.

But that is just the start of the crap. Later I have listed things like Windows XP Hotfix see Q329048 for more information. What is Q329048? Why are these series of patches listed here? Some of the patches just things like Q810655 instead of saying see Q329048 for more information.

What an absolute mess.

Moviemaker is just not there at all.

So I give up on Moviemaker and decide to download the Digital Plus Package.

Not that it was any easier getting that. It's quite an interesting read, especially the unexpected punchline at the end (which I won't spoil). It has the ring of truth to it.

Things that cause Global Warming

Carbon Dioxide, they tell us. SUVs, they say. Too much beefsteak, I hear.

Well, it seems something else causes Global Warming: bad sensors.
A glitch in satellite sensors caused scientists to underestimate the extent of Arctic sea ice by 500,000 square kilometers (193,000 square miles), a California-size area, the U.S. National Snow and Ice Data Center said.
Remember poor Mrs. Polar Bear and her cubs, drowning in the ice-free ocean? Oops.

[Emily Latella]

Never mind.

[/Emily Latella]

But don't worry, there's an explanation:
Walt Meier writes with a clarification: “One detail, though perhaps an important [one]. I realize that it is bit confusing, but it is just one channel of the sensor that has issues. And it isn’t so much that it “failed”, but that quality degraded to the point the sea ice algorithm - the process to convert the raw data into sea ice concentration/extent - failed on Monday.
See, it wasn't the sensor that failed, it only degraded. It was the computer model that failed. But it's a different model than the ones that show the earth is irreversibly warming, so don't worry.

Hey you deniers! Get the heck off my lawn!

Evil Dictator Fail

Suppose you were an evil mastermind. You've already been inducted into the Evil League of Evil. You've taken over a major industrial power. Your henchmen excel at goose stepping, and your Evil Uniforms are simply fabulous.

Now you turn your evil attention towards England. Your armies marshall. Your air legions blot out the sun. Which place, in all that green and pleasant land do you tell your minions they must spare from destruction? Because it's going to be your vacation spot?

Blackpool escaped being blitzed during the Second World War because Hitler wanted to use the resort as his personal playground.

The Fuhrer planned to watch his triumphant troops goosestepping down the seafront's Golden Mile before unfurling the swastika flag on top of Blackpool Tower.

The plan to spare Blackpool made little military sense. ...

The reason has now been explained in documents recovered from an old German military base.

Gee, ya think?

While I think that we can all agree that Operation Barbarossa was the crown jewel of der Fuhrer's geopolitical strategic fail, this is a Faberge Egg of fail - gaudy, useless, and symbolizing the bankruptcy of his vision.

In other recently discovered Nazi documents, we find his plan for Adlerhorst U.S.A located in Atlantic City.

Sunday, February 22, 2009

Catch up on your scatblogging

Over at Lissa's place. Og may be retired, but she's stepped into the void.

Blogroll addition

I'd say that Newbie Shooter is a new blog, but it's been around longer than this one. New to me, I guess. Stop by and take a look - he has a pretty interesting debate going with someone who wants to ban "assault weapons".

Also, here's an open invitation to any bloggers out there - if you have me on your blogroll and I haven't added you, please ping me via email. Reciprocity is a virtue, and something that we strive for here Chez Borepatch.

H&K UMP-40

I really shouldn't call this a range report, since I only fired one round. It works as advertised. My motivation was different.

Col. Jeff Cooper wrote at length about the Machine Pistol in To Ride, Shoot Straight, and Speak the Truth. He wasn't a fan.
It is my profound conviction, based on a great deal of experience with it, that the MP is a silly weapon - clumsy, wasteful, puny for its bulk, over-prone to run dry at the most inconvenient moment, and a source of frequently lethal over-confidence.
Other than that, how did you like the play, Mrs. Lincoln?

I must admit a certain sympathy to Col. Cooper's view. Perhaps it's because I'm such an old stick-in-the-mud: I could be happy shooting nothing but revolvers, the 1911, and the Winchester 1894. Century-old designs, there.

But as anyone who's ever had children knows, this is not Burger King, and you (mostly) can't have it your own way. A more expansive and generous view is why not have lots of designs, and let a thousand flowers bloom? As it turns out, the MP has one characteristic in abundance, and even Col. Cooper recognized this:
Fully automatic fire can be fearfully effective - off a tripod or a vehicular bracket. An honest-to-God machinegun, shooting a full-sized rifle cartridge and handled by a team of experts, can win battles - not just fights. But hand-held automatic fire is generally a drag. It is great fun, but to be taken seriously only if fun is the object of the exercise.
While I'm not qualified to comment on Col. Cooper's professional assessment, here Chez Borepatch I can confirm that the mission objective was indeed fun, and the mission was achieved.

It's not often that I get #1 Son out to the range with me. Alas, he's not as interested in marksmanship as #2 Son. But fun - Col. Cooper's glamorous racket? That's entirely different.

The UMP-40 has a prodigious appetite for .40 cal, and while I indulged #1 Son in renting it that day, we only got one box. #1 Son made good use of the selective fire switch - single round, two shot burst, five shot burst, and continuous. More specifically, he only used continuous at the end when we were about to leave, and with the ammo he had been saving up for an extended burst.

So would I shoot this, given the chance? Depends on whether someone else is paying for ammo. Ranges that rent guns must love these, since to really give it a whirl you'd want 4 or 5 boxes. Maybe I'm stuck in a rut, with my old school designs, but as I said before, my motivations were different that day. Shooting with the family is a high priority for me, and if that takes automatic, then so be it.

Postscript to exile from Requiem for a Republic: We rented, so I'm not sure it would do any good to adopt you. We unfortunately don't have the cash to keep a bunch of fully automatic guns around the house. This being Massachusetts, it would certainly be fun to do this to give the vapors to the bien pensants, but it's cost-prohibitive. But let me know if you're ever in the area, and we'll go shoot it. With more than one box of ammo. ;-)

Saturday, February 21, 2009

Rock Opera - Foolish Pride

Country music isn't the only genre that sings about foolish pride - this is a common thread that appears all through Opera, and which has been picked up by rock.

Baz Luhrmann picked up this thread and wove it completely through Moulin Rouge. This is wildly creative, fusing Opera, Rock Opera, and slapstick into a heart-stoppingly beautiful statement of love, foolish pride, redemption, and loss.

Nicole Kidman and Ewan McGregor sing, as well as act their parts. The film is a silent rebuke to George Lucas, who didn't have the slightest idea how to get a similar performance from any of the terrific actors in the last three Star Wars films.

If you haven't seen this, you're in for a treat. As the credits say at the very end:
A film about truth ...
beauty ...
freedom ...
foolish pride ...
and most important ...
Well, it mostly says that.

Travis Tritt - Foolish Pride

Travis Tritt combines rocking/outlaw with classic country roots, and has had more than 30 songs on the Billboard Hot Country chart. Today's Saturday Redneck is a counterpoint to last week's mad passion valentine's day song.

One of the things I like about Country music is that it deals with a broader range of emotions and situations than rock and roll. Sure, there's rebellion and defiance, but also love and tenderness. Country is filled with songs about foolish pride, which should be a lesson for us all.


Foolish Pride (Songwriter: Tritt)
She stayed up all night and cried into her pillow
And fought off the urge to just break down and call
Last night to find the fault seemed so darn easy
But now whose to blame don't matter much at all
She thinks if she calls him it just shows weakness
So the hurt goes on with every tear she's cried
Ain't it sad to see a good love fall to pieces
Chalk another heartbreak up to foolish pride

Turn out the lights the competition's over
The stubborn souls are the losers here tonight
And while the bridges burn, another hard-hard lesson's learned
As through the ashes passion slowly dies
And this romance goes down to foolish pride

He relives every word they spoke in anger
He walks the floor and punches out the wall
To apologize to her would be so simple
But instead he cries I'll be damned if I'll crawl
If he loses her he's lost his best friend
And that's more then just a lover can provide
So he wrestles with emotions that defeat him
Chalk another love lost up to foolish pride

Turn out the lights the competition's over
The stubborn souls are the losers here tonight
And while the bridges burn, another hard-hard lesson's learned
As through the ashes passion slowly dies
And this romance goes down to foolish pride

Chalk another heartbreak up to foolish pride

Friday, February 20, 2009

Why CyberSecurity Czars don't work

It's been an interesting week in security. First was the report that showed that the number of computer security incidents at Federal agencies has tripled since 2006:
The number of cyber security incidents at federal civilian agencies reported to the US Department of Homeland Security's US-CERT has tripled since 2006. In fiscal 2008, 18,050 incidents were reported, compared with 12,986 in fiscal 2007 and 5,144 in fiscal 2006. Agencies are required to report cyber security incidents under the Federal Information Security Management Act (FISMA); such incidents include unauthorized access, denial of service, malicious code, improper use, scans, probes and attempted unauthorized access.
Things are pretty serious for the Fed.Gov security types. USB thumb drives have been banned after classified networks suffered malware outbreaks. So what's the plan from the presumptive CyberSecurity Czar?
"Who is in charge [in the event of] a cyber-Katrina?" said [Paul] Kurtz, who served on homeland security councils for both the Clinton and Bush administrations and is now a security consultant with Good Harbor. "Is it the FCC? DHS? Commerce? The White House? No one has an answer to that, and that's pretty darn scary."
I'll take Bureaucratic Infighting for $500, Alex ...

Color me unimpressed. Water has flooded the engine rooms, and is up to the scuppers, and people are arguing who's Captain?

I guess that Kurtz deserves kudos, going to the Black Hat Security conference, even though it's thoroughly mainstream now. But hokey smokes, there's more to worry about than who's on first.

Like what if Bad Guys (meaning "Foreign Adversaries") close down the Port of Long Beach because their malware toasted all the computers who handle logistics there. And at the port of New Orleans. And Houston, and Newark, and Beaumont, and Baltimore ...

How do you stop the 3rd Infantry Division? You don't bomb it, because we own the skies. You don't shoot it up, because they shoot back. Better.

But if it doesn't get any gas or ammo, it stops cold.

The Army better be thinking about this first, not who's in charge during the Cyber-Katrina.

Mr. Kurtz, some people want to be someone. Others want to do something. Dazzle me.

Postscript: It seems that Google has me as the #1 hit for how to hack a classified network. Lord save us.

Best Barbeque in Atlanta

Swallow in the Hollow, on Green Street in Roswell. The building looks like it's been condemned, so you know the food's good. Plus, they have live Nude Girls music.

Yeah, I know there's Dreamland. Sorry, I was never impressed. Pappy Red's gets retro bonus points, but they don't have live Nude Girls music.

Taken with the Treo phone's camera. Good for snapshots, but that's about all. The iPhone camera is much better, but is still pretty much just for snapshots.

There was an earth-shattering Kaboom

Made of awesome, that is.

And no, Doubletrouble, we won't ask to do this at the next blogshoot, unless you have a spare house somewhere ...

Hat tip: Ryjones.

Help us, favored Sons of Texas

Save us from the Stupid Party:
Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.
Of course, it's For The Children™.
"While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level."
Let's count how many separate, unique ways this is stupid. You can keep score at home!

1. Technical Complexity = Fail. Most people don't even know how to turn on the dang security on their wireless routers. You're going to turn maybe a hundred million people into felons. For The Children™, of course.

2. Data Gathering and Retention is Imperfect. For years and years, I've worked in a branch of security that's all about collecting and analyzing access logs. Guess what? There are big gaps in logs, all the time. And these are logs collected by trained (and usually certified) system administrators. Logs drop things, especially things that are passed across the network - like DHCP access logs sent from your wifi router to a computer. If even IT professionals can't do this reliably, mom and dad are going to end up as felons. For The Children™, of course.

3. Home wifi routers don't have the horsepower. The wifi router that Verizon brought for my FiOS is teetering on the edge of collapse, just getting me on the network. If you turn logging on, it will fall over and logs will fail sporadically. There will be suspicious gaps in the logs, and the Federales will expect a better explanation than "the dumb thing ran out of gas." The lousy, cheap access router will make me a felon. For The Children™, of course.

4. Logs don't identify access. "You keep using that word. I do not believe that it means what you think it means." What Senator Low-Watt-Bulb wants is an audit trail that shows the Ethernet address of each computer that connects to your wireless network, using DHCP. Ethernet addresses are supposed to be unique - each network interface has one that is different from every other Ethernet address. Except that the Ethernet spec requires every computer to be able to change the address to anything that you want. Not that you'd want to change it to Sen. Low-Watt-Bulb's Ethernet address - that might make him a felon. For The Children™, of course.
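Points 2 and 4 can be seen in a few lines of log analysis. The sketch below is an added example, not part of the original post: the log layout, host names and addresses are constructed, and the two-hour silence threshold is an assumption. It flags silent stretches in a DHCP log, addresses with the "locally administered" bit set (meaning someone assigned them by hand or in software), and one Ethernet address showing up under two different host names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Constructed sample; the "timestamp event ip mac hostname" layout is made up
# for this example and is not any particular router's log format.
SAMPLE_LOG = """\
2009-02-20T08:00:12 DHCPACK 192.168.1.23 00:1b:63:aa:bb:01 kitchen-laptop
2009-02-20T08:30:40 DHCPACK 192.168.1.24 00:16:cb:11:22:33 office-desktop
2009-02-20T09:01:05 DHCPACK 192.168.1.23 00:1b:63:aa:bb:01 kitchen-laptop
logger restarted, buffer lost
2009-02-20T15:47:19 DHCPACK 192.168.1.25 02:00:5e:10:20:30 unknown-host
2009-02-20T16:02:51 DHCPACK 192.168.1.26 00:1b:63:aa:bb:01 visitor-netbook
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


class Lease(NamedTuple):
    when: datetime
    ip: str
    mac: str
    host: str


def parse_line(line: str) -> Optional[Lease]:
    """Return a Lease for a well-formed DHCPACK line, or None for anything else."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "DHCPACK":
        return None
    mac = parts[3].lower()
    if not MAC_RE.match(mac):
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return Lease(when, parts[2], mac, parts[4])


def parse_log(text: str):
    """Parse every non-blank line; count the ones that could not be parsed."""
    leases, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        lease = parse_line(line)
        if lease is None:
            rejected += 1
        else:
            leases.append(lease)
    return leases, rejected


def find_gaps(leases, max_silence=timedelta(hours=2)):
    """Return (start, end) pairs where nothing was logged for longer than max_silence.

    The log alone cannot say whether a gap means a quiet network or lost records.
    """
    ordered = sorted(leases, key=lambda lease: lease.when)
    return [(a.when, b.when) for a, b in zip(ordered, ordered[1:])
            if b.when - a.when > max_silence]


def is_locally_administered(mac: str) -> bool:
    """True if the address has the locally-administered bit (0x02 of the first octet) set."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def macs_with_multiple_hosts(leases):
    """Map each Ethernet address seen under more than one host name to those names."""
    seen = defaultdict(set)
    for lease in leases:
        seen[lease.mac].add(lease.host)
    return {mac: sorted(hosts) for mac, hosts in seen.items() if len(hosts) > 1}


if __name__ == "__main__":
    leases, rejected = parse_log(SAMPLE_LOG)
    print("unparseable lines:", rejected)
    for start, end in find_gaps(leases):
        print("silent from", start, "to", end, "=", end - start)
    for lease in leases:
        if is_locally_administered(lease.mac):
            print("software-assigned address:", lease.mac, lease.host)
    print("shared addresses:", macs_with_multiple_hosts(leases))
```

None of the three findings proves anything about who was on the network, which is the point of items 2 and 4.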

There's quite a good discussion of this over at Slashdot, including this comment:

The first rule of a police state is that EVERYONE is breaking the law.

As tedious as it is, Atlas Shrugged has something to teach us. Don't bother to read the book though, all you need to know is in the following quote:

"Did you really think that we want those laws to be observed?" said Dr. Ferris. "We want them broken. You'd better get it straight that it's not a bunch of boy scouts you're up against--then you'll know that this is not the age for beautiful gestures. We're after power and we mean it. You fellows were pikers, but we know the real trick, and you'd better get wise to it. There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted--and you create a nation of law-breakers--and then you cash in on guilt. Now that's the system, Mr. Rearden, that's the game, and once you understand it, you'll be much easier to deal with."

Sometimes I feel like a bot whose only real purpose is to paste this quote. But as it is a leading force in American society that people seem to have mostly forgotten, I believe it bears some heavy repetition.

And so to the title of this post. Save us, Obi-wan Kenobi Favored Sons of Texas. You're our only hope. Please explain to your Sen. Low-Watt-Bulb that:
  1. He's an idiot, and reinforcing the name "Stupid Party."
  2. This is the kind of mindless, Big Brother, statist claptrap that we expect from the Contemptible Party. He needs to knock it off.
  3. His plan will work just as well as President Obama's rainbow farting unicorns.
  4. His constituents would like him to pretty please knock it off. Kthanxbai.
I know that I have some readers from Texas. Consider all y'all deputized.

UPDATE 22 February 2009 11:53: Madrocketscientist says it in fewer, but more pungent words. He expresses what is precisely the right attitude, especially his last sentence. And his first.

Thursday, February 19, 2009

Best. Commercial. Ever.

Random Acts of Patriotism has the best TV commercial ever made. I won't spoil it by describing it, just go watch.

What, you still here? Get on over there!

What do you do with old Oil Drilling rigs?

Well, you could dynamite them, but that leaves all sorts of oily junk on the seabed. Yuck.

Or you could turn them into luxury hotels.

You can tell it's a luxury hotel, and not a Red Roof Inn, because there's a yacht docked at it in the picture ...
According to BldgBlog, approximately 4,000 oil rigs in the Gulf of Mexico will be decommissioned within the next century. Morris proposed to convert this space into exclusive, self-sufficient eco-friendly, high-end resort islands off the Gulf of Mexico, dubbing it our very own American Dubai
Kind of clever how he plans to do it. Click through to the article.

Hat tip, Chad Crayton.

(In)Secure Sockets Layer

Secure Sockets Layer (SSL) is what your browser uses to securely send your private data over Al Gore's Intarwebz. It's the base on which all electronic transactions are built. It's the "s" in "https", the "Secure" HTTP.

And it seems that it's broken:

Website encryption has sustained another body blow, this time by an independent hacker who demonstrated a tool that can steal sensitive information by tricking users into believing they're visiting protected sites when in fact they're not.

Unveiled Wednesday at the Black Hat security conference in Washington, SSLstrip works on public Wi-Fi networks, onion-routing systems, and anywhere else a man-in-the-middle attack is practical. It converts pages that normally would be protected by the secure sockets layer protocol into their unencrypted versions. It does this while continuing to fool both the website and the user into believing the security measure is still in place.

What's particularly disturbing is that what's really broken is not the encryption, but authentication: the bit that tells you that you're actually communicating with the site you think you are.

Is it, or is it a fake? Is it paypal, or a fake? Your bank, or a fake?

A couple of days ago, I said that it's hard for folks like me - who pay way too much attention to this sort of thing - to tell if a web site has good security or not. Now it's not possible to tell if the web site that you think you're accessing is actually the web site.

The URL in the address bar? It can be faked.

The lock icon at the bottom of the page? It can be faked.

The entire web of trust, where Certification Authorities vouch for the organization that runs a web site? You can fake that, too.

If you're a little (but not too) technical, and if you're remotely interested in this, check out the presentation slides.

Now this would be an interesting but highly theoretical threat, except for one thing. Last summer, the Domain Name System (DNS) was shown to have a huge, massive, gaping security hole. So big, in fact, that anyone who wanted to (and knew how) could pretend to be any site they wanted.

That too was interesting but pretty theoretical - after all, it doesn't help you to masquerade as if you can't fake the SSL security that the site uses?

Now it doesn't matter. Yes, it's actually more subtle than this - go read the slides. The bottom line is that you can go to a site that looks entirely legitimate (legitimate to a careful security geek like me), and find that it was a phisher who nabbed your credit card.

Quite frankly, I'm not sure what to think here. This seems like it's really, really bad news. I plan on being extra paranoid. In particular, if you order something from Amazon or (shudder) bank online, and if you usually get an email confirmation after a transaction, watch for that email. Not that it can't be faked, too, but the more that the Bad Guy has to do to support his fakery, the more opportunity he has to mess up. Granted, it's not a lot, but everything helps.
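The rewriting described in the quoted article (secure links turned into their unencrypted versions) leaves a trace a defender can check for. The sketch below is an added example, not from the original post or from the SSLstrip presentation: the host names, the pinned `HTTPS_ONLY_HOSTS` list and both HTML samples are constructed. It compares what a page should reference against what arrived, and flags any cleartext link or password form aimed at a host that is only ever supposed to be reached over HTTPS.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hypothetical hosts the checker already knows must only be reached over HTTPS.
HTTPS_ONLY_HOSTS = {"bank.example", "login.shop.example"}

PAGE_URL = "http://www.shop.example/"  # constructed: a plain-HTTP landing page

# Constructed sample: the page as the real server sends it.
PAGE_AS_SENT = """
<html><body>
<a href="https://login.shop.example/signin">Sign in</a>
<form action="https://bank.example/pay" method="post">
  <input type="text" name="user"><input type="password" name="pw">
</form>
</body></html>
"""

# Constructed sample: the same page after something in the middle rewrote the schemes.
PAGE_AS_RECEIVED = PAGE_AS_SENT.replace("https://", "http://")


class LinkCollector(HTMLParser):
    """Collect link and form targets, and remember which forms carry a password field."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.targets = []          # (kind, absolute URL) in document order
        self.password_forms = []   # absolute action URLs of forms with a password input
        self._form_action = None   # action of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a" and attr.get("href"):
            self.targets.append(("link", urljoin(self.base_url, attr["href"])))
        elif tag == "form":
            # A missing action submits back to the page itself.
            self._form_action = urljoin(self.base_url, attr.get("action") or "")
            self.targets.append(("form", self._form_action))
        elif tag == "input" and (attr.get("type") or "").lower() == "password":
            if self._form_action is not None:
                self.password_forms.append(self._form_action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None


def downgrade_findings(page_url, html):
    """Return (kind, url, reason) tuples for every sign of a stripped HTTPS reference."""
    collector = LinkCollector(page_url)
    collector.feed(html)
    findings = []
    page = urlsplit(page_url)
    if page.scheme == "http" and page.hostname in HTTPS_ONLY_HOSTS:
        findings.append(("page", page_url, "HTTPS-only host served over HTTP"))
    for kind, url in collector.targets:
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname in HTTPS_ONLY_HOSTS:
            findings.append((kind, url, "cleartext reference to HTTPS-only host"))
    for action in collector.password_forms:
        if urlsplit(action).scheme != "https":
            findings.append(("password-form", action, "password would be sent without TLS"))
    return findings


if __name__ == "__main__":
    for label, html in (("as sent", PAGE_AS_SENT), ("as received", PAGE_AS_RECEIVED)):
        print(label)
        for finding in downgrade_findings(PAGE_URL, html):
            print("  ", finding)
```

The check only works because the list of HTTPS-only hosts was fixed ahead of time; a client that learns "this site uses SSL" from the page itself has nothing to compare against.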

Wednesday, February 18, 2009

The LORD has a sense of humor

Well, some of His followers do, anyway. LOLsaints is just like LOLcats, only instead of snarky feline humor, it's snarky humor from our Redeemer.

Pretty funny, really. If that's your bag, baby. This is my favorite:

Me, either. Heh.

And one more, just because:

Double heh.

Hat tip, Billy Ockham.

Get confidential information off your hard drive

With 12 gauge slugs.

Via email from Marcus, who points to a whole smörgåsbord of shooty, burny, crunchy hard disk security goodness. My favorite is the industrial shredder.

Be careful if you want to use the Thermite - it doesn't want to be put out once it starts burning ...

On a personal note, I once got to see the plant where Three Letter Security agency got rid of the classified trash. Shredders were involved there, too.

Attorney General Holder: US is a "nation of cowards"

Well, now:
Eric Holder, the nation's first black attorney general, said Wednesday the United States was "a nation of cowards" on matters of race, with most Americans avoiding candid discussions of racial issues.
Several things come to mind:

1. What this "we", paleface?

2. The bien pensants will descend on me for using a clearly racist metaphor in 3 .. 2 .. 1 ..

3. Seriously, I believe that the most healing reply to this was Holder's own powerful rebuke to those claiming that a vote for McCain was a vote for racism. Oh, wait ...

4. Eric Holder is a Donkey.

Has there ever been an administration with more rookie mistakes than this one? Ever?


Page views, that is. A reader from Longmont, Colorado just nudged the page view count over what seemed a ridiculously high number when I started blogging 7 months ago.

Thanks, y'all!

Tuesday, February 17, 2009

From the Formerly Great Britain - smile for the camera

The UK is famous for its massive installation of surveillance cameras (CCTV), ostensibly for "public safety" reasons. Quick aside to inmates residents of old Blighty, when even Auntie Beeb thinks there's too much UK.Gov snooping, you're in Barney Rubble. Just sayin'.

However, this has been justified by "public safety" in public spaces. Surely this wouldn't impose on private citizens in their private life? Well, a "Pub" sounds like it would be "public", right?

A prospective pub landlord says the police insistence on him installing CCTV cameras to film everyone entering his pub threatens his customers' civil liberties.

Nick Gibson says he has been in a "silent rage" since the police outlined conditions to his licence application, which also requires him to hand over any film of drinkers on request.

Note to The Guardian: you inmates subjects of Her Britannic Majesty have no civil liberties, other than those that your rulers betters NuLabor darlings choose to give you.

Seems people are noticing:
The row comes a week after a House of Lords report stated that the steady expansion of the "surveillance society" risked undermining fundamental freedoms including the right to privacy.
Note to the Lords: you don't have any fundamental freedoms, other than those that your rulers betters NuLabor darlings choose to give you.

Fortunately, we can expect a huge drop in crime due to all the cameras. Oh, wait.

Snakeoil and you

Security guru Bruce Schneier hit the nail on the head in describing why security is so maddeningly difficult:
The problem with bad security is that it looks just like good security. You can't tell the difference by looking at the finished product. Both make the same security claims; both have the same functionality.
Companies spend a lot of money checking out security claims made by their vendors. Entire industries - for example, Analyst organizations like Gartner Group - do a good business verifying vendor claims.

This keeps guys like me in pizza money, so I'm not complaining. It's a lot harder for folks who don't want to be a computer security geek. How can you tell the difference between good security and snake oil?

Unfortunately, mostly you can't. There, I said it.

It's bad enough on your home computer, where things are (relatively) simpler: personal firewall, antivirus, good choice of browser, patch regularly (that's Windows Update for most of you) - that's about all you can expect.

What about people you give information to? How's their security?

You can't tell. I know this, because I can't tell, either. This is bad, because in a sense, it's my job to be able to tell, and I can't. Don't tell Big Tech Company, because I like having pizza money.

And so, you see things like this:
A UK childcare voucher scheme has admitted that confidential customer data was briefly left exposed to other users during an upgrade last week, but denied suggestions that any sensitive information leaked as a result. ...

Nick Gibbins, a Busy Bees user who discovered the breach and notified the firm, states he found email addresses of Busy Bees customers, National Insurance numbers, bank account details, payment logs and service logs on the site. In a blog posting, now restricted but still available through Google cache, Gibbins claimed that personal data for over one hundred thousand users was exposed by lax web security at Busy Bees.
John Leyden describes the system architecture that this organization used; what's surprising is not that it leaked sensitive data like a sieve, but that it took so long for anyone to notice. Basically, it's built on ten year old software, which means "save a boatload of money by not upgrading the system, and anyway what could possibly go wrong?"

Unfortunately, it's not something that you can expect to find out - there's no way to look at a web site and say "Ooo - lousy security! I'll go somewhere else." Well, no easy way.

So what can you do? The only thing I can suggest is what I do - don't give out personal information to anyone at all, if you can avoid it. I'm quite comfortable with email for communicating with my kid's school - it's relatively simple to secure, so there's a half way decent chance that the school will get it right.

A web site? Not a chance.

So choose a limited number of places you'll do business with over the web - Amazon, maybe. Your bank (grumble grumble). Limiting your exposure - at least until industry gets its hands around the web security problem - is your best defense. Anyone who insists that you use their "secure" web site to handle your sensitive information almost certainly has no idea how secure their web server is.

Cybercrime: $1Trillion in 2008

Rather a lot, really. You can discount this by quite a bit and still have a big chunk of change. This is what's attracting talent to the Black Hat community, and why malware is so much better than it was even 3 or 4 years ago.
“Cybercrime cost businesses an estimated $1 trillion worldwide in 2008, and some security experts believe the threat may be so bad that we may need to re-think our entire approach to the Internet.”
Via Byron Acohido's blog, which comes recommended by SANS, which you don't see every day. Or ever, come to think of it. They have a good, free security "newsbites" email service, if that's your bag, baby.

Monday, February 16, 2009


Liberty has a post that's needing your attention.

Congratulations, Liberty David, and welcome, Jefferson. I'll miss your posts, but don't be a stranger, y'hear?

It ain't braggin' if you can do it

Sometimes it seems like I own Google.

Being number 2, I try harder. At least I have a comment comparing the Manneken Pis with the Big Chicken.

Want to understand the economic mess?

Then read Philip Greenspun's blog. I just stumbled across it, and it's filled with good stuff, like this:
Barack Obama promised on Monday not to rest as long as this economic downturn persisted. He promised to act decisively, change whatever had to be changed, spend whatever had to be spent. This is precisely what worries the investors to whom I spoke. They’d rather see the audacity of doing nothing.
He blogs at Harvard Law School, so he meets the official definition of "wicked smaht." RTWT.

"Quiet as a hole in the water"

That's what modern submarines are supposed to be. Looks like the Royal Navy and the French Navy are doing pretty well.
British and French nuclear missile submarines collided earlier this month beneath the Atlantic, according to reports. Much is being made of the fact that the two subs "failed to see each other", but this is actually quite normal.
I get a lot of my technology news from The Register, but this is the only article that gets this right. "Quiet" isn't a bug, it's a feature.
After all, the whole reason that nations expensively put nuclear missiles on submarines is that it's the only reliable way of making it impossible for anyone to know where the missiles are. Nobody should be surprised at two purposely-designed undetectable launch platforms having remained undetected.
What's astonishing to me is that this is astonishing to the MSM. Auntie Beeb missed this, The Sun (UK) missed it, too. The Sun calls it "Unthinkable." Well, then. Maybe they should get their technology news from El Reg:
At an event held in London this morning, Admiral Sir Jonathan Band (the First Sea Lord, head of the Royal Navy) told reporters including the Reg that both subs were on routine national-deterrent patrols and had hit each other while "moving very slowly". This is a missile boat's normal posture while on deterrent patrol, as it makes the sub as silent and undetectable as possible - evidently quite successfully in this case.
Kind of the point, innit, lads? Oh, and UK pols are grandstanding, happy to display their utter lack of a clue:

Lib Dem defence spokesman Nick Harvey has called for an immediate internal inquiry with some of the conclusions made public.

"While the British nuclear fleet has a good safety record, if there were ever to be a bang it would be a mighty big one," he said.

Um, it's Nitroglycerine that goes boom when you drop it, not Trident missiles, mkay? They're, like, designed to not go off unless they're armed and all.

I'd call him an idiot, but unlike our pols, he didn't just spend a trillion bucks that #1 Son and #2 Son will have to figure out how to pay back.

Blowing Money

While eating breakfast in the Las Vegas airport this morning, I met three ironworkers from Tuscaloosa, Alabama. They said that work had been slow lately. Did they expect the stimulus bill going through Congress to help them out? Would $1 trillion in new government spending lead to more construction jobs? “That’s just blowing money up a wild hog’s ass.”
Why yes it is. Plus a post about a teacher who quit to become a flying instructor:
"... how could you quit an $80,000/year union job to become an $8/hour flight instructor?"

Smart guy, that Philip Greenspun.

Are Democrats afraid of pushing gun control?

Jay poses a question:
Now that Obama is flush with his "success" at ramming through the largest spending bill in US history, with concomitant fawning press, is he going to turn his gaze towards banning (certain) guns? With this spendulus bill he's come a hell of a lot closer to national health care than Bill Clinton ever came; isn't it conceivable that Obama would want to out-ban Bubba, too?
What I find very strange is that, while they snuck all sorts of stuff into the "stimulus" bill, they didn't put any gun control measures into it. At least as far as I've heard.

This can only mean they think that gun control has emerged as at least enough of a "third rail" that it can short circuit anything they attach it to.

They've just paid off most of the left. It will be really interesting to see if the left's appetite has grown with the eating.

UPDATE 19 February 12:43: Life on Sleepy Creek linked. Thanks!

Sunday, February 15, 2009

After Action Report - #1 Son drives the Jeep

Six Speed manual transmission.

All personnel and equipment safely returned to base.

Yes, please

Full disclosure time: I'm a Red Sox fan. Have been for a long, long time, since I was a wee lad. So I'll second Chris Lynch's suggestion about how to deal with A-Rod's steroids escapades:
Can you make the people at ballparks across the country play Huey Lewis and the News' song I Want a New Drug every time Alex Rodriguez come to bat.
Heh. Great song.

You can't fix stupid, even with math

#2 Son and I have been watching a lot of space science TV, and we just saw the Drake Equation discussed on the old Carl Sagan Cosmos show. The Drake Equation is designed to estimate the number (N) of planets in the galaxy that have intelligent life.
$$N = R^{\ast} \times f_p \times n_e \times f_{\ell} \times f_i \times f_c \times L$$
Sagan's discussion is a pretty good layman's introduction.

Looks like math, right? Science!

Um, not so much. You see, we have quite poor information about what the value should be for most of these variables. The Wikipedia article covers this in some depth, but it's summed up with, well, what I said:
Criticism of the Drake equation follows mostly from the observation that several terms in the equation are largely or entirely based on conjecture.
Now look, I don't have a problem with conjecture, as long as you call it that. But Sagan doesn't. He doesn't explicitly say that it's not science, and he doesn't explicitly say it is. He also does something very interesting: he doesn't remotely spend the same amount of time or emphasis on each variable. Sagan talks a lot about the variable for intelligent civilizations that blow themselves up. He even tries a couple of different values for that variable, to see how the number N changes. Go watch it again, paying attention to this emphasis. It's quite striking.

Things that we cannot control are glossed over, even if they would massively affect the overall outcome. Things that are politically top of mind are covered in depth. Does this remind you of anything?

The title of this post is a bit unfair, because Sagan wasn't stupid. He was selling something: nuclear freeze. Now, we can agree that the nuclear freeze movement was driven by noble motives (other than the well-documented Soviet influence), but that's entirely beside the point.

It's not science.

Carl Sagan didn't have the slightest idea what the correct value for L is. Nobody does. And if you plug a bunch of wild guesses into something that looks all scientific, you get garbage output.

Like this:
Yup, you read that right - a cool $2 million. For Borepatch.

Boy, howdy.

They ask you a lot of questions about your blog, so it's actually very similar to the Drake Equation. I didn't understand what would be reasonable values for some of the variables, so I'm a bit like Carl Sagan. Except I'm not selling you anything (unless, of course, you're interested in getting in on the ground floor, in which case I'll take personal checks).

After playing twenty questions with #2 Son - the old Socratic Method - I saw the light go off over his head. At least for the Drake Equation. But it's not just him; perhaps it's a symptom of how our society is less religious, but there is a fetishization of science. We expect miracles - don't bother me with your silly, inconvenient facts.

Another way to say it is that science sells. What are you, a skeptic denier, or something?

You can't fix stupid

Via Insty comes the sad tale of a woman arrested for an overdue library book, along with some quality snark:
I don't care who you are, now that's funny.

But snark aside, if you read the article at the link, you'll find some interesting information:
Court records show library employees tried repeatedly to contact Koontz by phone and mail. A police officer even visited her home last September.

Officials at the Buchanan County jail say Koontz was released after posting $250 bond.
I'm with the police on this one. They called to say the book was overdue and please bring it back. And called and called. They sent a policeman, not to arrest her, but to tell her that they called and called. What was she waiting for?

Like Ron White says, you can't fix stupid.

Saturday, February 14, 2009

Very cool photo manipulation web site

Online, and easy.

Someone with more artistic talent than I could do even better.

Unbelievably cool Lego Star Wars

Filed under both made of win and get a life, comes this:
A guy by the nickname of roholbro has spent a kajillion hours and bricks completing this huge reproduction of an Star Wars' Separatist Landing Craft, which can hold a whooping one hundred minifigs. One. Hundred.

It's not from a kit - he designed it himself. Stuff from kits goes inside it. I'm speechless.

Hat tip, Chad Crayton.

Jason Aldean - Johnny Cash

Today is Valentine's Day, so today's Saturday Redneck has a Valentine theme. Jason Aldean has one Gold and one Platinum album, but is still married to his high school sweetheart.

Aldean has gotten a lot of attention with his rocked up, "New Country" style, with songs like Hicktown and Amarillo Sky. Today's Saturday Redneck - Johnny Cash - is very much in that style. Fittingly for Valentine's day, it's about crazy, mad, passionate love, including eloping.

What's not to like about getting married by a Preacher Man who looks like Elvis?


Johnny Cash (Songwriters: John Rich, Vicky McGehee, Rodney Clawson)
Quit my job flipped off the boss took my name of the payroll.
(screw you man)
Picked up my cell rang my baby's bell said I'm three miles from home.
I said sugar why don't you put on that sundress I like so much,
Wait out by the road I'm comin' to pick you up.

Throw your suitcase in the back,
Done gassed up the pontiac,
Blastin' out to Johnny Cash, headin' for the highway,
Baby we ain't ever comin' back.

It's four hundred and sixty seven miles to the outskirts of Las Vegas.
What do you say we go get married by a preacher man that looks like Elvis.
(yeah momma)
Sugar don't you worry bout tellin' your momma goodbye,
We'll send her a souvenier postcard from the wild side.

Throw your suitcase in the back,
Done gassed up the pontiac,
Blastin' out to Johnny Cash, headin' for the highway,
Baby we ain't ever comin' back.

Throw your suitcase in the back,
Done gassed up the pontiac,
Blastin' out to Johnny Cash, headin' for the highway,
Baby we ain't ever comin' back.


Hear that train a comin', rollin' round the bend.
the man in black is gonna rock your ass again.

Friday, February 13, 2009

Super H4X0r

Since all the Cool Kids are doing it ...

No hair? Check. Scraggly non-Grecian-Formula beard? Check. K3wL H4X0r death's head (for cyberpunk street cred)? Check. Sweet wheelgun (for cyberpunk street cred)? Check.

Come to think of it, I believe I've hired some Penetration Testers who looked a bit like this before ...

It's amazing how much time you can waste here.

Sauce for the Gander

A Web Defacement Archive is a web site that saves the images of famous (or not so famous) web sites that have gotten defaced by the Bad Guys. It's mostly of security-geek historical value, and the occasional giggle*.

Now it's perhaps more correctly hysterical value, because the defacement archive has - you guessed it - been defaced. Yes, those are dancing babies, from a Youtube video of a Diaper commercial.

And the site is Linux and Apache, not Windows and IIS, so Linux fanboyz can stop giggling. A bit. Well, OK, you can giggle.

The Register's writeup is pretty good, so when you're done giggling, it's worth a read. If that's your bag, baby.

More seriously, recent attacks at security firm Kaspersky Labs show that even pretty smart security folks have trouble keeping up with this. Kaspersky has a clue, and makes a pretty good antivirus scanner. And they still got pwned. Let's be careful out there.

* My favorite defacements were by Fluffy Bunny, who would leave pictures of a keyboard and a stuffed rabbit, saying Hacked by Fluffy Bunny. He added a touch of class to what was mostly l0Usy sP3LL1nG and l4m3 j0X3rz. At least until Constable Plod marched him out of the 2003 Infosec security Conference in manacles.

Let's party like it's 1234567890

Unix computers track dates by counting the number of seconds since January 1, 1970. Well, we've just gone past the date 1234567890 seconds since January 1, 1970.

Time to get jiggy. Or whatever the Hep Cats call it these days.

And since this time format is called Epoch Time, here's Epoch Fail. Heh.

Note that this has nothing to do with the Y2K bug, where programs ran out of space to store the date, and had to be fixed. That's the Unixalypse, and won't happen for another 20 odd years. The Register has more.
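For the curious, here is the arithmetic behind both dates, as an added example that is not part of the original post. It assumes the seconds counter is stored as a signed 32-bit integer, which the post does not spell out, and shows where the counter lands when it runs out of room.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def epoch_to_utc(seconds: int) -> datetime:
    """Convert a count of seconds since 1970-01-01 00:00:00 UTC into a UTC datetime."""
    # Adding a timedelta (instead of datetime.fromtimestamp) also works for negative counts.
    return EPOCH + timedelta(seconds=seconds)


def as_signed(value: int, bits: int = 32) -> int:
    """Reduce value to what a two's-complement signed integer of this width would hold."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value


def last_representable(bits: int = 32) -> int:
    """Largest second count a signed counter of this width can store."""
    return (1 << (bits - 1)) - 1


def tick(counter: int, bits: int = 32) -> int:
    """Advance the stored counter by one second, wrapping the way fixed-width storage does."""
    return as_signed(counter + 1, bits)


if __name__ == "__main__":
    print("party time:       ", epoch_to_utc(1234567890))
    final = last_representable(32)
    print("last good second: ", final, epoch_to_utc(final))
    wrapped = tick(final)
    print("one second later: ", wrapped, epoch_to_utc(wrapped))
    print("64-bit still fine:", tick(final, bits=64))
```

A program that wraps this way suddenly believes it is 1901, which is the kind of thing that makes certificate expiry checks and log timestamps go sideways.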

Random Photo - The Grand Canyon

Click to embiggen - this photo really requires it. Everyone should go to the Grand Canyon at least once, especially if you have kids. Even snarky teenagers are momentarily awed into silence.

Taken with a Fuji FinePix S5000, which is either too smart or too dumb to get proper depth of field. With my old Pentax K1000, I'd set the F-Stop as low as it goes, and there would be better focus on the canyon itself.

I'm still looking for a digital camera with easy manual controls - i.e. where you can set shutter speed and F-Stop without using a menu. Oh, and on a camera that doesn't cost $1500.

How to stop the Pork "Stimulus" Bill

The Republicans should publicly state that as soon as they regain control of congress and/or the White House, they will repudiate the bonds used to fund it.

Yes, this will panic the financial markets. It will also focus the discussion on how future generations are being raped for pure political gain by the Democratic party. It would be pretty hard for the Democrats to complain that the Republicans were being irresponsible.

Of course, the Republicans won't, because they have no stones. But it would work.

Come to think about it, if it takes the wind out of the Pork "Stimulus" bill, the markets would probably skyrocket. Which would underline the fact that the "stimulus" isn't a stimulus.

Thursday, February 12, 2009

Make sure that your WiFi has security enabled

A while back, I did a post called Hack your neighbor's wifi in 7 minutes. It turns out that this is a seriously popular Google search term, judging by my referrer logs.

Around 10% of my total traffic for the last week has been from people searching for this. Yikes.

While of course neither of my readers would use the Powers they get from this post for anything other than good, it does make you wonder. So if you haven't turned security on in your home WiFi router, you should. Follow the link above, and it will show you how.

Did Al Gore Visit Maine?

Just set a record for cold, at an (ahem) cool 50 degrees below zero:
AUGUSTA, Maine — Teeth are chattering in New England, where scientists just spent about a month scrutinizing weather data before proclaiming Tuesday that, yes, Maine has pulled even with Vermont in bragging rights for the region’s lowest recorded temperature — 50 below.
That's some Global Warming.

On a personal note, this is my first link to the Bangor Daily News. I used to deliver their papers. I remember 20 below, not too bad.

It was definitely not 50 below in Phoenix, over the holidays.

Wanted: Dead or Alive

There's a worm out there that's infected ten million computers. Microsoft isn't happy about it.

But maybe money can buy happiness - they've offered a cool $250,000 to anyone who rats the worm's creator out:

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker (Downadup) worm.

The bounty, announced Thursday, represents a revival of Microsoft's mothballed Anti-virus Reward Program, launched in 2003 and virtually moribund since 2004.

Interesting approach. It will be more interesting if it works. 250 large might just do the trick.

Oh, and just because, some musical Dead or Alive:

Four Rules Fail

I wonder if the Box-o-Truth is doing some different testing?

Wednesday, February 11, 2009


Do I need to go back for a useful degree, like Computer Science?

Why would you go for a degree that's not useful? I have to confess to being completely mystified.

I love y'all, but ...

If I'm busy for a day, you don't stop by. It makes me think you only love me for my body blogging.

Valentine's day is coming up. Be mine. Even though I make you wait. ;-)